Dr web cureit Nelxi Edition[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Dr web cureit Nelxi Edition.exe
Size

4.0MB
MD5

340dfa622566a6d9043b005b5e120887
SHA1

a776f964789ff8f46c642fd0ebe3f58fa612f151
SHA256

a07ee3ca01cb062b48e845900e3ec30b32a86b6b431e6e1ec34bf6083b3a146d
SHA512

80d773df1766d7610a46167a0a84824803fa29680dfe70afc58f3262028453f840e20e164037373b0b1581092aca6c94369376956f4076f30578d35201d3a23f
SSDEEP

98304:SpvAdVbMl+6yYwx70v9xUOOn/1XYV1HjsC6n:lVbuTl9AiVCCu

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
sample	themida

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dr web cureit Nelxi Edition.exe

Files

Dr web cureit Nelxi Edition.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 54KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ